--- a/components/openstack/nova/patches/08-CVE-2013-7130.patch Wed Jun 11 05:34:04 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,158 +0,0 @@
-Upstream patch fixed in Grizzly 2013.1.5, Havana 2013.2.2, Icehouse
-
-commit cbeb5e51886b0296349fc476305bfe3d63c627c3
-Author: Nikola Dipanov <[email protected]>
-Date: Tue Dec 10 17:43:17 2013 +0100
-
- libvirt: Fix root disk leak in live mig
-
- This patch makes sure that _create_images_and_backing method of the
- libvirt driver (called in several places, but most problematic one is
- the call in the pre_live_migration method) creates all the files the
- instance needs that are not present.
-
- Prioir to this patch - the method would only attempt to download the
- image, and if it did so with the path of the ephemeral drives, it could
- expose the image to other users as an ephemeral devices. See the related
- bug for more detaiis.
-
- After this patch - we properly distinguish between image, ephemeral and
- swap files, and make sure that the imagebackend does the correct thing.
-
- Closes-bug: #1251590
-
- Co-authored-by: Loganathan Parthipan <[email protected]>
-
- This patch also includes part of commit
- 65386c91910ee03d947c2b8bcc226a53c30e060a, not cherry-picked as a whole
- due to the fact that it is a trivial change, and to avoud the
- proliferation of patches needed to fix this bug.
-
- (cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
-
- Conflicts:
- nova/tests/test_libvirt.py
- nova/virt/libvirt/driver.py
-
- Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
-
-diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
-index d2ac73b..d9c7405 100644
---- a/nova/tests/test_libvirt.py
-+++ b/nova/tests/test_libvirt.py
-@@ -2346,6 +2346,69 @@ class LibvirtConnTestCase(test.TestCase):
-
- db.instance_destroy(self.context, instance_ref['uuid'])
-
-+ def test_create_images_and_backing(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image')
-+
-+ libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(),
-+ mox.IgnoreArg(),
-+ mox.IgnoreArg())
-+ conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance)
-+ self.mox.ReplayAll()
-+
-+ self.stubs.Set(os.path, 'exists', lambda *args: False)
-+ disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None,
-+ 'disk_size': 0,
-+ 'backing_file': None}])
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir", disk_info_json)
-+
-+ def test_create_images_and_backing_ephemeral_gets_created(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ disk_info_json = jsonutils.dumps(
-+ [{u'backing_file': u'fake_image_backing_file',
-+ u'disk_size': 10747904,
-+ u'path': u'disk_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 25165824},
-+ {u'backing_file': u'ephemeral_1_default',
-+ u'disk_size': 393216,
-+ u'over_committed_disk_size': 1073348608,
-+ u'path': u'disk_eph_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 1073741824}])
-+
-+ base_dir = os.path.join(CONF.instances_path, '_base')
-+ ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default')
-+ image_target = os.path.join(base_dir, 'fake_image_backing_file')
-+ self.test_instance.update({'name': 'fake_instance',
-+ 'user_id': 'fake-user',
-+ 'os_type': None,
-+ 'project_id': 'fake-project'})
-+
-+ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image')
-+ self.mox.StubOutWithMock(conn, '_create_ephemeral')
-+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-+
-+ conn._create_ephemeral(
-+ target=ephemeral_target,
-+ ephemeral_size=self.test_instance['ephemeral_gb'],
-+ max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(),
-+ fs_label=mox.IgnoreArg())
-+ libvirt_driver.libvirt_utils.fetch_image(context=self.context,
-+ image_id=mox.IgnoreArg(),
-+ user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(),
-+ max_size=mox.IgnoreArg(), target=image_target)
-+ conn._fetch_instance_kernel_ramdisk(
-+ self.context, self.test_instance).AndReturn(None)
-+
-+ self.mox.ReplayAll()
-+
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir",
-+ disk_info_json)
-+
- def test_pre_live_migration_works_correctly_mocked(self):
- # Creating testdata
- vol = {'block_device_mapping': [
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 0f0ea46..6c2a22c 100755
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -3304,19 +3304,32 @@ class LibvirtDriver(driver.ComputeDriver):
- elif info['backing_file']:
- # Creating backing file follows same way as spawning instances.
- cache_name = os.path.basename(info['backing_file'])
-- # Remove any size tags which the cache manages
-- cache_name = cache_name.split('_')[0]
-
- image = self.image_backend.image(instance,
- instance_disk,
- CONF.libvirt_images_type)
-- image.cache(fetch_func=libvirt_utils.fetch_image,
-- context=ctxt,
-- filename=cache_name,
-- image_id=instance['image_ref'],
-- user_id=instance['user_id'],
-- project_id=instance['project_id'],
-- size=info['virt_disk_size'])
-+ if cache_name.startswith('ephemeral'):
-+ image.cache(fetch_func=self._create_ephemeral,
-+ fs_label=cache_name,
-+ os_type=instance["os_type"],
-+ filename=cache_name,
-+ size=info['virt_disk_size'],
-+ ephemeral_size=instance['ephemeral_gb'])
-+ elif cache_name.startswith('swap'):
-+ inst_type = instance_types.extract_instance_type(instance)
-+ swap_mb = inst_type['swap']
-+ image.cache(fetch_func=self._create_swap,
-+ filename="swap_%s" % swap_mb,
-+ size=swap_mb * (1024 ** 2),
-+ swap_mb=swap_mb)
-+ else:
-+ image.cache(fetch_func=libvirt_utils.fetch_image,
-+ context=ctxt,
-+ filename=cache_name,
-+ image_id=instance['image_ref'],
-+ user_id=instance['user_id'],
-+ project_id=instance['project_id'],
-+ size=info['virt_disk_size'])
-
- # if image has kernel and ramdisk, just download
- # following normal way.